SANS NewsBites Vol. 8 Num. 36

From: The SANS Institute (NewsBites@sans.org)
Date: Fri May 05 2006 - 11:36:39 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SANS Log Management Summit (Washington DC, July 12-14) is now available
for registration. It is the only user-to-user conference where you'll
learn what actually works in compliance, security and other (surprising)
applications of log management. No vendor hype: just real world case
studies of successes and failures. If you are coming to SANSFIRE in
Washington stay for the Log Management Summit and save nearly one third
off the cost.

Registration for Log Management: http://www.sans.org/logmgtsummit06
Registration for SANSFIRE: http://www.sans.org/sansfire06
 
And on Tuesday (May 9 at 1 PM EDT) we'll have a related "Ask the
Experts" web cast on how to use these tools to monitor privileged users.
It's a tough and important task that Dave Shackleford and Kristin
Gallina Lovejoy will illuminate and make a little easier.
To register for the free webcast called: "Who is Guarding the Cyber
Guards" go to https://www.sans.org/webcasts/show.php?webcastid=90724

                                  Alan

*************************************************************************
SANS NewsBites May 5, 2006 Vol. 8, Num. 36
*************************************************************************

TOP OF THE NEWS
  Millions of Blogs Inaccessible Due to DDoS Attack
  Soon-to-be-Proposed Digital Copyright Legislation Would Tighten Restrictions

THE REST OF THE WEEK'S NEWS
  HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
    Defense Security Service Temporarily Stops Issuing Clearances
    Air Force Victorious in Sixth Annual Cyber Defense Exercise
  SPYWARE, SPAM & PHISHING
    FTC Cases Against Alleged Spyware Operations Proceeding
  WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
    MySQL Database Update Addresses Handful of Flaws
    Critical Flaw Found in X Window System
    Mozilla Issues Update for Firefox
  ATTACKS & INTRUSIONS & DATA THEFT & LOSS
    Ohio University Acknowledges Computer Breaches
    UK Retailer Source of Credit Card Data Theft
    Man Charged with Illegally Accessing County Computer System
  MISCELLANEOUS
    Laptops are the Latest Car Theft Tools
    Schools' Eyes Opened to Computer Security Threats
    Professional Security Certification Comparison And Assessment

******************* Sponsored By CONSUL Risk Management *****************

UPCOMING SANS WEBCASTS NEXT WEEK
"Who's Guarding the Guards? Employing a Privileged User Monitoring Strategy"
May 9th 1pm-2pm ET. (1700 UTC/GMT)
http://www.sans.org/info.php?id=1136

and Internet Storm Center: "Threat Update"
Wednesday, May 10 at 1:00 PM EDT (1700 UTC/GMT)
http://www.sans.org/info.php?id=1135

*************************************************************************
TRAINING UPDATE SANSFIRE 2006 IN WASHINGTON DC
July 5-13 - Bring your family for the fireworks and stay for SANS
largest conference in Washington.

The industry's best security courses - extraordinary faculty;
authoritative up-to-the-minute material - shows you how to do the job
and gives you the confidence to go back and do it immediately.

"Jacked my paranoia level up around my ears, and then gave me the tools
to manage the threat." (Don Geiger, DCPS Division of Technology)

Offers every one of SANS' 17 immersion training courses plus 12 short
courses and a big exposition: SANS Security Essentials, Hacker
Exploits, System Forensics, Intrusion Detection, Auditing, plus training
for the CISSP exam and all technical certifications required by DoD 8570,
and more. Plus special evening sessions by the global security leaders
who staff the Internet Storm Center.

http://www.sans.org/sansfire06/
*************************************************************************

TOP OF THE NEWS

 --Millions of Blogs Inaccessible Due to DDoS Attack
(4 May 2006)
A "massive" distributed denial-of-service (DDoS) attack on Six Apart's
blogging services and corporate web site left about 10 million
LiveJournal and TypePad blogs unreachable for hours on Tuesday, May 2.
Six Apart plans to report the attack to authorities.
http://www.zdnet.com.au/news/security/print.htm?TYPE=story&AT=39255176-2000061744t-10000005c

 --Soon-to-be-Proposed Digital Copyright Legislation Would Tighten Restrictions
(24 April 2006)
Despite efforts of computer programmers, tech companies and academics
to get Congress to loosen restrictions imposed by the Digital Millennium
Copyright Act (DMCA), an even more stringent copyright law is expected
to be introduced soon. The Intellectual Property Protection Act of 2006
would make simply trying to commit copyright infringement a federal
crime punishable by up to 10 years in prison. The bill also proposes
changes to the DMCA that would prohibit people from "making, importing,
exporting, obtaining control of or possessing" software or hardware that
can be used to circumvent copyright protection.
http://news.com.com/2102-1028_3-6064016.html?tag=st.util.print

************************ Sponsored Links: *****************************

1) ALERT: YOU vs Sober/Zotob/Bagle Variants? Is Your Internal Network
Safe? Download FREE White Paper "Zotob: Zero-Hour Detection and
Response" http://www.sans.org/info.php?id=1137

2) SANS OnSite InfoSec Training Your Location! Your Schedule! Lower
Cost! http://www.sans.org/info.php?id=1138

3) SANSHome - Security 601: Reverse-Engineering Malware - Hands-On
with Lenny Zeltser starts June 6. Save $150 by registering before May
17! Live training delivered to your home PC.
http://www.sans.org/athome/details.php?id=1418
***********************************************************************

THE REST OF THE WEEK'S NEWS

HOMELAND SECURITY AND GOVERNMENT SYSTEMS SECURITY
 --Defense Security Service Temporarily Stops Issuing Clearances
(2 May/29 April 2006)
Citing a high volume of applications and a lack of funding, the Defense
Security Service has announced that it will temporarily stop issuing
contractor security clearances. An increased demand for personnel with
security clearances has led to a large backlog of unprocessed
applications for clearance. Contractors may be asked to assume some of
the costs of processing the security clearance applications.
Information technology industry groups have lobbied Congress to address
the issue soon; the Information Technology Association of America has
asked that Congress pass legislation requiring the Defense Security
Service to resume processing clearance applications and to provide
funding through a supplemental budget bill.
http://appserv.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcn_daily&story.id=40638
http://www.washingtonpost.com/wp-dyn/content/article/2006/04/28/AR2006042801878_pf.html
[Editor's Note (Weatherford) This will exacerbate an already critical
problem. For several years, defense contractors have had to bear the
burden of delays by DSS in the processing of security clearances and
this has had a significant impact on many programs since without a
clearance, people can't work. A lot of small businesses simply can't
afford to hire people and carry them as overhead until DSS gets around
to processing a clearance.]

 --Air Force Victorious in Sixth Annual Cyber Defense Exercise
(1 May 2006)
Five military academy teams took part in the sixth annual Cyber Defense
Exercise (CDX), a four-day competition that involves defending specially
constructed computer networks against attacks staged by a team of
National Security Agency (NSA) and Defense personnel. The teams, from
the Air Force, Coast Guard, Merchant Marine, Naval academies and the US
Military Academy at West Point, were scored on the security of their
networks as well as on keeping their networks operational. The Air
Force Academy took first place in the competition, which ran from April
10-13.
http://appserv.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcn&story.id=40574
[Editor's Note (Paller): Kudos to all the participants, and especially
NSA for making it happen. I watched some of the process and interviewed
participants. The learning and discovery that goes on was wonderful. The
only sad element was that the Naval Postgraduate School didn't engage
this year (I think they lost last time), so on the graduate level, the
Air Force Institute of Technology had the field to itself. It was a
dominating performance by the Air Force, undergraduate and graduate.
(Guest Editor Tim Rosenberg): Congratulations to the Air Force Academy.
Exercises such as the CDX are an essential part of security training and
education. The gaming environment provides a safe place for people to
truly test their security knowledge and expertise without risking
production systems, live customer data or their jobs. The success of
the CDX over the years has led to several competitions involving public
sector universities; most notably the National Collegiate Cyber Defense
Competition recently held at University of Texas, San Antonio.]

SPYWARE, SPAM & PHISHING
 --FTC Cases Against Alleged Spyware Operations Proceeding
(4 May 2006)
The US Federal Trade Commission sued two alleged spyware operations,
alleging unfair and deceptive practices in violation of federal law.
Both were accused of taking control of users' computers without
permission and subjecting the users to a barrage of pop-up
advertisements. Smartbot.Net and its affiliate OptinTrade were ordered
to forfeit more than US$4 million in profit. Odysseus Marketing "has
been barred from collecting consumers' personal data pending trial."
http://www.computerworld.com/printthis/2006/0,4814,111144,00.html

WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
 --MySQL Database Update Addresses Handful of Flaws
(4 May 2006)
A patch released this week for the MySQL database addresses several
flaws that could be exploited locally and remotely. The flaws have been
assigned a severity rating of "moderate." The update, MySQL 5.0.21,
addresses vulnerabilities that exist in versions 4.0.26, 4.1.18, 5.0.20,
5.1.9 and earlier.
http://www.computerworld.com/printthis/2006/0,4814,111151,00.html
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html

 --Critical Flaw Found in X Window System
(4/3/2 May 2006)
A critical buffer overflow flaw in the X Window System code could be
exploited to give local users the ability to overwrite system files and
launch denial-of-service attacks. The flaw is attributed to a missing
parenthesis and was found as part of a Department of Homeland Security
(DHS) funded project. The vulnerability affects X11R6.9.0 and
X11R7.0.0.
http://www.computerworld.com/printthis/2006/0,4814,111149,00.html
http://www.eweek.com/print_article2/0,1217,a=177195,00.asp
http://www.theregister.co.uk/2006/05/03/x11/print.html
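The reported cause, a missing parenthesis, is worth seeing in code, because the resulting bug compiles cleanly and silently disables a privilege check. What follows is an added illustration written for this page; it is not the X.Org source (the newsletter does not quote the affected line) and the function names, the stand-in uid functions and the uid values are assumptions made for the example. It shows a check of the shape a setuid-root server uses to refuse dangerous options from an ordinary user, once written correctly and once with the parentheses dropped after the effective-uid lookup.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Stand-ins for getuid()/geteuid(), so the check can be exercised from an
 * ordinary shell instead of from a setuid-root binary. The names and the
 * uid values are constructed for this example. */
static uid_t uid_ordinary(void) { return 1000; }
static uid_t uid_root(void)     { return 0; }

/* Intended policy: a setuid-root server must refuse file-related options
 * (log file, module path, ...) when the real user is not root. */
static bool refuse_option_fixed(uid_t (*getuid_fn)(void),
                                uid_t (*geteuid_fn)(void))
{
    return getuid_fn() != 0 && geteuid_fn() == 0;
}

/* The same check with one pair of parentheses dropped. A function
 * designator used without () decays to its address, so "geteuid_fn == 0"
 * asks whether the pointer is null, which it never is. The refusal can no
 * longer trigger, and the compiler accepts the line without complaint. */
static bool refuse_option_buggy(uid_t (*getuid_fn)(void),
                                uid_t (*geteuid_fn)(void))
{
    return getuid_fn() != 0 && geteuid_fn == 0;   /* BUG: missing () */
}

/* True when the two versions disagree for an ordinary user driving a
 * setuid-root process: the fixed check refuses, the buggy one lets it
 * through. That is the fail-open behaviour the advisory describes. */
static bool bug_fails_open(void)
{
    return refuse_option_fixed(uid_ordinary, uid_root)
        && !refuse_option_buggy(uid_ordinary, uid_root);
}

int main(void)
{
    printf("fixed check refuses ordinary user: %s\n",
           refuse_option_fixed(uid_ordinary, uid_root) ? "yes" : "no");
    printf("buggy check refuses ordinary user: %s\n",
           refuse_option_buggy(uid_ordinary, uid_root) ? "yes" : "no");
    printf("bug fails open: %s\n", bug_fails_open() ? "yes" : "no");
    return 0;
}
```

The function-pointer parameters exist only so the code runs without root; they also hide the one cheap safeguard that catches the real thing. When the check is written directly against libc (`geteuid == 0`), gcc's -Waddress, enabled by -Wall, reports that the address of the function will always evaluate as true or false, so building setuid code with -Wall -Werror is the check a practitioner should keep.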

 --Mozilla Issues Update for Firefox
(2 May 2006)
Mozilla has released a Firefox update that addresses a recently reported
flaw in the way it handles certain "contentWindow.focus()" JavaScript
code. The flaw could be exploited to crash vulnerable browsers and
potentially fool the browser into running malicious code. Users can
disable JavaScript in Firefox as a protective measure. The flaw does
not affect Firefox 1.0 or Mozilla Suite 1.7.
http://www.computerworld.com/printthis/2006/0,4814,111091,00.html

ATTACKS & INTRUSIONS & DATA THEFT & LOSS

 --Ohio University Acknowledges Computer Breaches
(3/2 May 2006)
Ohio University has acknowledged two apparently unrelated computer
security breaches. An intrusion at a database server that holds
information belonging to more than 300,000 people affiliated with the
Athens, Ohio-based school exposed approximately 137,800 Social Security
numbers (SSNs). IT officials became aware of the breach when they
discovered the server was being used to conduct a denial-of-service
attack. Logs indicate the server was breached as far back as 2005 from
IP addresses in the US and abroad. This particular server was scheduled
to be decommissioned over a year ago; because IT personnel believed it
was no longer online, it had not been patched. A second breach
involved a server at the school's Technology Transfer Department. The
FBI is investigating both incidents.
http://www.computerworld.com/printthis/2006/0,4814,111113,00.html
http://www.cantonrep.com/index.php?ID=283728
[Editor's Note (Schultz): It is lamentable that an incident that
occurred last year was not discovered until recently, yet this is by no
means a rare development. Many organizations' incident detection
capabilities, if they exist at all, are terribly deficient.]

 --UK Retailer Source of Credit Card Data Theft
(28 April 2006)
An unnamed UK retailer has been identified as the source of a security
breach that has resulted in the reissue of at least 4,000 MasterCard and
Visa credit cards. At least three card issuers, Clydesdale Bank,
Morgan Stanley and Goldfish, which is part of Morgan Stanley, have begun
informing their affected customers of the breach and issuing them new
cards. MasterCard would not name the retailer to whom the breach was
traced, but insisted that MasterCard systems were not breached. Visa
also notified card-issuing entities as soon as it became aware of the
breach. In a separate story, UK companies are under no legal obligation
to inform their customers when their personal information is compromised
in a security breach.
http://software.silicon.com/security/0,39024888,39158482,00.htm
http://www.silicon.com/financialservices/0,3800010364,39158445,00.htm

 --Man Charged with Illegally Accessing County Computer System
(27 April 2006)
A Pennsylvania man has been charged with various computer crimes,
including unlawful use of a computer, for illegally accessing the
Lancaster County Computer Assisted Dispatch site. Duane Kline, who is
a lieutenant with the West Hempfield Fire and Rescue Company, allegedly
used the East Hempfield Township Police Department login and password
to access police intelligence and investigative information while at his
job at Northeast Agri Systems.
http://www.lititzrecord.com/pages/news/local/4/22302

MISCELLANEOUS
 --Laptops are the Latest Car Theft Tools
(3 May 2006)
As modern cars are increasingly protected by software, car thieves are
exploring a new vector of attack - laptop computers. Some cars no
longer require a key to start. Software programs can be used to gain
access to cars' computers, open doors and start engines. The
information is supposed to remain in the hands of locksmiths and car
manufacturers, but persistent thieves will find a way to obtain what
they seek.
http://www.leftlanenews.com/2006/05/03/gone-in-20-minutes-using-laptops-to-steal-cars/
[Editor's Note (Northcutt): The most interesting line in the article
is "While automakers and locksmiths are supposed to be the only groups
that know where and how security information is stored in a car, the
information eventually falls into the wrong hands." Security through
Obscurity anyone? A similar article with more specifics can be found
at:
http://www.latimes.com/classified/automotive/highway1/yourwheels/la-hy-wheels8feb08,0,2648213.story?coll=la-class-highway1-yourwheels ]

 --Schools' Eyes Opened to Computer Security Threats
(29 April 2006)
Boston area public school systems have started taking steps to secure
their computer systems following a number of incidents that illustrated
the dangers inherent in lax policies. Boston Public Schools stepped up
security measures after a student at Boston Latin School accessed a
teacher's computer and viewed student records and tests. Two Brookline
High students were suspended for accessing the school's computer system
and altering grades; teachers at the school are now required to make
their passwords more difficult to guess. A Lexington High student was
investigated last year for allegedly altering his attendance records.
http://www.boston.com/news/local/massachusetts/articles/2006/04/29/schools_scramble_to_safeguard_computer_systems?mode=PF
[Editor's Note (Grefer): The schools would be well advised to use any
one of the various password cracking utilities to verify passwords'
strength.
(Schultz): Making passwords more difficult to guess will do some, but
not all that much good. The problem is with passwords, credentials that
date back almost to the advent of computers, as the basis for
authentication. The technology of breaking passwords and of stealing
them is now far ahead of the value that they deliver. Administrators for
these school systems would thus be well-advised to look into cost
effective alternatives to password-based authentication.]

 --Professional Security Certification Comparison And Assessment
(4 May 2006)
The GIAC Advisory board has been helping Stephen Northcutt work on a
document comparing the various certifications. This is not meant to be
a marketing tool, but rather something to help cluster apples with
apples and oranges with oranges. We seek reviewers willing to provide
substantive, considered advice, to make it the best tool possible. If
you hold one or more certifications and are willing to review and
provide feedback please contact Stephen@sans.edu for a copy of the
spreadsheet.

===end===

NewsBites Editorial Board:
Kathy Bradford, Chuck Boeckman, Rohit Dhamankar, Roland Grefer, Brian
Honan, Clint Kreitner, Stephen Northcutt, Alan Paller, John Pescatore,
Marcus Ranum, Howard Schmidt, Eugene Schultz, Gal Shpantzer, Koon Yaw
Tan, Mark Weatherford

Please feel free to share this with interested parties via email, but
no posting is allowed on web sites. For a free subscription, (and for
free posters) or to update a current subscription, visit
http://portal.sans.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFEW3UQ+LUG5KFpTkYRAmUaAKCiB+ln++QEK/40fmOspA//52SnGgCfZ4jz
Wv6CkrcDXb8Tis3+DKBSeGE=
=DYhp
-----END PGP SIGNATURE-----